International Organizations

Alex Grigsby is the assistant director for the Digital and Cyberspace Policy program at the Council on Foreign Relations. As Politico noted in June, the United Nations Group of Governmental Experts on Information Security (GGE) agreed to consensus document laying out its recommendations to guide state activity in cyberspace. Politico called the document a "breakthrough" because it enshrines a series of norms that the U.S. government has been promoting. At the time the article was published, it was hard to determine whether the champagne-popping was necessary given that report wasn’t made public. Late last month, the UN released the text of the 2015 GGE report. As with many UN reports, this one is filled with recycled language from previous reports and General Assembly resolutions. The sections that speak to the threats in cyberspace, the need for confidence building measures, and the importance of capacity building are largely pilfered from the 2013 report and don’t really convey anything new. However, there are some exceptions. The U.S. was successful in getting its preferred norms with respect to critical infrastructure--States should respond to requests for assistance, and refrain from cyber activity that intentionally damages or impairs critical infrastructure or computer emergency response teams--adopted by the group. On the surface, getting everyone to agree to not attack critical infrastructure is great. But it’s hard to see what additional clarification this new norm provides. Each state classifies critical infrastructure differently--the United States has sixteen sectors, Japan has thirteen, Canada has ten, Germany has nine--and many of these sectors are defined so broadly, that any disruptive or destructive cyber incident is likely to affect some form of critical infrastructure. For example, the North Korea incident against Sony was probably an attack against critical infrastructure, given that the U.S. Department of Homeland Security classifies motion picture studies as part of it’s commercial facilities sector. Moreover, as David recently pointed out, there’s already a norm against disruptive or destructive cyber activities. It’s called Article 2(4) of the United Nations Charter, which prohibits the threat or use of force. Despite the lack of new insight on the protection of critical infrastructure, the GGE report breaks new ground in three important areas. First, the report explicitly references the possible applicability of the international legal principles of humanity, necessity, proportionality, and distinction, though the wording of the text makes it unclear whether the group reached consensus on whether they actually apply to state activity in cyberspace or merely noted their existence. The U.S. seems to interpret it as endorsing the applicability of these principles to cyberspace, but the Chinese in particular have avoided doing so in the past. At the 2012-2013 GGE, the Chinese blocked any attempt to reference humanitarian law principles in that group’s report on the basis that endorsing their applicability would legitimize armed conflict in cyberspace. If the 2014-2015 group endorsed necessity, proportionality, and distinction, it would represent a considerable shift in China’s position. Second, the report notes that states should substantiate public accusations of state-sponsored cyber activity, and that "the indication that an ICT activity was launched or otherwise originates from a State’s territory ... may be insufficient in itself to attribute the activity to that state." The text was inserted at the last minute at Russia’s request, and it’s unclear why. China, not Russia, is generally the most vocal about the need for evidence when publicly attributing malicious cyber activity, regularly asserting that accusations without proof is "irresponsible and unscientific," In any case, Russia may be trying to promote a norm against public attribution without strong evidence. The United States has signalled that it is willing to name and shame states that engage in destructive activity (e.g. North Korea), steal intellectual property for commercial gain (e.g. the five PLA indictees), and to establish deterrence. In the future, the United States may need to provide more concrete evidence than the "trust us" approach it’s used in the past. Third, the report recommends that states "should respond to appropriate requests for assistance by another state whose critical infrastructure is subject to malicious ICT acts." This recommendation may seem banal, but it’s pretty significant. Many states have established national computer emergency response teams (CERTs) to act as focal points to coordinate national and international responses to cyber incidents. Oftentimes, one national CERTs’ request for assistance from another can go unanswered for days, allowing malicious traffic that could be terminated to go unabated. In the case of the 24/7 point-of-contact network established by the G8 to combat cybercrime, many of the national points of contact don’t even pick up the phone. Creating an expectation that requests for assistance will be answered may actually pressure some into responding. With any luck (and prayers from Duncan Hollis), the expectation could even turn into an obligation to provide assistance, much like the duty to render assistance under the law of the sea. Are these developments a breakthrough? Not really. Like any diplomatic endeavor, each side will be able to claim that it won. The United States and its allies will trumpet it as a win for their preferred norms. Russia, and to a lesser extent China, will be able to claim that the norms in the report are a step towards the establishment of new international law as Russian GGE expert Andrey Krutskikh did three weeks ago. Nevertheless, there are some nuggets in the GGE report that represent small but genuinely important steps that clarify what states should and shouldn’t do in cyberspace. Correction: This post was updated to reflect the fact that Russia, not China, inserted language in the GGE report that a state should substantiate accusations of state-sponsored cyber activity.

Coauthored with Theresa Lou, research associate in the International Institutions and Global Governance program at the Council on Foreign Relations. The migration crisis of 2015 makes for somber reading. Seven hundred migrants drowned crossing the Mediterranean from war-torn Libya. Last week, Austrian authorities made the grisly discovery of seventy-one corpses in a truck. Most recently, the body of a three-year-old Syrian boy washed up on a Turkish beach, sparking international outcry. People have been on the move since the dawn of time, of course, but never in such numbers. By the end of 2014, 59.5 million individuals had been uprooted due to conflict or persecution—the highest level since World War II. Despite knowing the risks, every day thousands continue to board rickety boats, or pay smugglers for the promise of safety and better lives ahead. Ground zero for the current crisis is the European Union (EU), where approximately 1.7 million desperate people have attempted to enter between 2011 and 2014. The Syrian civil war has displaced more than four million refugees to neighboring countries such as Turkey, Jordan, and Lebanon, where camps burst at the seams. As chances of returning to Syria dim—and prospects in host countries remain bleak—even more refugees are now heading for Europe. However, EU leaders are flailing in response, whipsawed between the humanitarian and self-interested instincts of their electorates. Hungary’s refusal to allow migrants to board trains for other EU countries and the building of a fence along its borders with Serbia are only the latest examples. The EU’s crisis is compounded by poverty in the western Balkans, where high unemployment and entrenched political corruption have led many to conclude that life will simply not get better. More than forty percent of all asylum applications in Germany during the first six months of 2015 came from Kosovo, Serbia, and Macedonia. Why is Europe Struggling? The pressures of uncontrolled migration are hardly restricted to Europe—as the U.S. presidential campaign has underscored. But the EU’s predicament is particularly acute. The sudden influx of migrants has appeared to catch European governments by surprise, and has exposed fissures among the members of the Union. There at least four reasons why Europe is struggling. Europeans often don’t know who is crossing their borders: Are they refugees or economic migrants? Many of the people showing up are asylum seekers who claim the status of refugees—defined under a 1951 UN convention as someone who has fled his or her country because of a “well-founded fear of being persecuted for reasons of race, religion, nationality, membership of a particular social group or political opinion.” But until such claims can be definitively evaluated—which can take months—these people are stuck in limbo, suspected of being economic migrants who have chosen to move for better job prospects. Making such judgments is tough, but the decisions matter: refugees are entitled to international protection in an asylum country, whereas economic migrants can be turned away. But what about those who fall in the gray zone? Are people who flee from a country plagued by persecution, discrimination, and also a crumbling economy asylum seekers or migrants? What about those who fled their countries for refugee reasons but continue on in search of better job prospects? Answers to such questions often boil down to a judgement call with grave implications for the person in question. EU members can’t get on the same page: Complicating matters, EU member states are quarrelling amongst themselves about how to respond. In principle, the EU’s Dublin Regulation stipulates that entry-point states are responsible for housing migrants and examining their asylum applications. But this EU law has placed a heavy strain on Mediterranean nations like Italy and particularly Greece, whose protracted financial crisis has left it ill-equipped to handle a sudden influx of refugees. In what it thought was a constructive move, Germany has suspended the Dublin Regulation and will allow Syrian refugees to apply for asylum even if they first arrived in another country. Berlin has since called for the EU to redistribute asylum seekers amongst member states. The idea of a quota system gained support from European Commission President Jean Claude-Juncker and, recently, European Council President Donald Tusk. But other EU members, including the United Kingdom and Hungary, vehemently insist that immigration policies be decided by individual governments. On Thursday, Hungarian President Viktor Orban blamed Chancellor Angela Merkel for essentially “inviting” migrants to Europe, labeling the crisis a “German Problem.” Such finger-pointing bodes ill for a unified EU front. Politicians are feeling the heat from right-wing blowback: The rise of right-wing political parties in numerous EU countries (Denmark, Sweden, and France, for example) has fueled popular anti-immigrant sentiments. Violence against refugees and migrants has spiked in Germany, where asylum seekers increased by 132 percent over the same period in 2014. The pressures of populist nationalism have made it more difficult for politicians at the inter-European level to agree on a unified response. Regulatory incoherence: In 2013, the European Parliament endorsed a Common European Asylum System, which establishes procedures to ensure uniform treatment for all asylum applications. Unfortunately, EU countries have failed to implement and enforce these provisions with any consistency. Complicating matters, there is no agreed list of countries the EU considers to be in conflict, making it hard to determine whether a person is an asylum seeker or a migrant. Nor are there any collective EU centers for asylum seekers to get processed and fed. Each EU nation has its own ways of doing things, exacerbating the sense of regulatory chaos. Europe’s migrant crisis is only the latest and most acute manifestation of a broader international problem: failure to develop and implement common standards and procedures for handling migrant flows, especially in the wake of political and economic turmoil. This is partly inherent in the complexity and sensitivity of migration, compared to other global flows. Hoping to benefit from globalization, governments in recent decades have lowered barriers dramatically for most factors of production, including capital, goods, services, and ideas—and they have negotiated multiple rules to govern the world economy. But the international regulation of migration has lagged, globally and regionally, because the cross-border movement of people is inherently sensitive politically—touching on issues of sovereignty, security, employment, and (not least) national identity. The result is a regulatory vacuum. All of these dilemmas are complex, and none is easily resolved. But the EU can and must do better.  European leaders will meet on September 14 in Brussels to combat the growing migrant crisis. At a minimum, they need to reach agreement on the following points Reaffirm humanitarian values: While the European Union needs to control its borders, it must do so in a manner that respects the humanity of migrants, even those attempting to enter illegally. Some national responses—including Hungary’s use of a train station as essentially a holding pen, as well as its decision to build a border fence with Serbia—are inconsistent with European moral values. The EU cannot afford to become a fortress, even as it remains a magnet for migrants. Hammer out realistic agreement on burden-sharing: Given controversy over the proposed quota system, EU leaders need to negotiate a workable compromise that more equitably apportions responsibility for screening, processing, sustaining, and (in principle) granting asylum to refugees. Such an accord would be a powerful and needed symbol of European solidarity. Jointly designate countries of safe origin: It is imperative that the EU finalize a list of safe countries of origin, so that those who do not qualify for asylum (namely, the economic migrants), can be repatriated in an orderly and humane manner. Member countries should also commit to fully implement efficient screening processes that reduce blockages and allow asylum seekers and refugees to get accommodations they require. Finally, Europe’s current predicament carries a larger lesson. The nations of the world need a more robust multilateral mechanism to develop and promote common global standards for the processing and treatment of migrants and refugees. The building blocks of such a system already exists, including in the International Organization for Migration (IOM) and the UN’s High Commissioner for Refugees (UNHCR). But the IOM is mainly an assistance body rather than a forum for negotiation, and UNHCR is stretched thin by multiple humanitarian crises. However, rather than seeking to create an entirely new international organization, UN member states should look to strengthen these existing ones so that they can do more to assist countries and regions coping with unexpected spikes in refugees and migrants.  Ban Ki-moon’s upcoming emergency summit on migration (planned for September 30) is a welcome step in this direction.

Omar al-Bashir is in China to observe a huge military parade commemorating the end of World War II. He is under indictment by the International Criminal Court for war crimes, which has issued warrants for his arrest. Parties to the Treaty of Rome, which established the Court, are obligated to arrest Bashir. That nearly happened earlier in the year when the Sudanese president went to South Africa for a summit of African Union heads of state. However, China is not a party to the Treaty of Rome. According to Reuters, when a Chinese foreign ministry spokeswoman was asked about the “irony” of inviting a chief of state indicted for war crimes when so many were committed during World War II, she replied that was “overthinking.” She went on to say: “The people of Africa, including Sudan, made an important contribution in the victory in the World Anti-Fascist War. China’s invitation to President Bashir to the commemoration activities is reasonable and fair. While he is in China we will give him the treatment he should get.” According to the media, the Chinese government has been associating the victory parade with atrocities carried out by the Japanese in China during World War II. Western representation at the parade, which will feature 12,000 troops marching through Beijing, will be low-level. Chinese president Xi Jinping welcomed Bashir as an “old friend.” Indeed, Khartoum and Beijing have long been close. China is Sudan’s largest trading partner and source of foreign investment. Sudan’s oil production has largely been in Chinese hands, and Sudan imports a wide range of goods from China. Historically, China has pursued a “non-interference” policy with respect to Sudan, including Khartoum’s human rights abuses. However, more recently China has been playing a positive role in the search for a solution in South Sudan and supplies some 700 peacekeepers to guard the oil fields. It has cut back significantly its arms sales to Khartoum.

Below is a visualization and description of some of the most significant incidents of political violence in Nigeria from August 22, 2015 to August 28, 2015. This update also represents violence related to Boko Haram in Cameroon, Chad, and Niger. These incidents will be included in the Nigeria Security Tracker.   August 22: Sectarian violence in Gassol, Taraba, resulted in seven deaths. August 22: Sectarian violence in Barkin Ladi, Plateau, resulted in two deaths. August 23: Boko Haram ambushed the Nigerian chief of army staff’s convoy in Dikwa, Borno, killing one soldier. Ten insurgents were also killed. August 25: Two suicide bombers killed themselves and six others in Damaturu, Yobe. Boko Haram is suspected.  August 25: Two suicide bombers killed themselves and one soldier in Maiduguri, Borno. Boko Haram is suspected. August 26: Two suicide bombers attacked a Chadian army camp in Kaiga Ngouboua, Chad, killing only themselves. Boko Haram is suspected. August 26: Pirates abducted three in Ogbia, Bayelsa. August 26: Boko Haram killed one Nigerien soldier and two others in Abadam, Niger.  

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: A U.S. Court of Appeals ruled that the Federal Trade Commission (FTC) has the authority to require companies to improve their cybersecurity practices. As a result of a 2008 and 2009 hack at the Wyndham hotel chains that exposed customer data, the FTC sued Wyndham for engaging in "unfair business practices" by having inadequate and unreasonable cybersecurity practices that led to the breach. Wyndham challenged the suit, arguing that the FTC had no business regulating companies’ cybersecurity practices. The appellate court decision is a resounding victory for the FTC, giving it authority to require U.S. companies that collect personal data improve their cybersecurity. The Center for Democracy and Technology, which filed a brief in support of the FTC, is thrilled that the decision sends "a clear signal to companies that robust security is a necessity when doing business." Paul Rosenzweig at Lawfare is skeptical, believing that the FTC is "not up to the task" of assessing appropriate cybersecurity practices. Same goes for the Berkman’s Center’s Josephine Wolff, who argues that the FTC’s vague cybersecurity advice will only lead to confusion in the private sector. Facebook’s ThreatExchange cyber threat information sharing platform has signed up over ninety participating companies in the six months since it’s launch—but not the U.S. government. Facebook says government agencies won’t be welcome in ThreatExchange until Congress passes legislation that defines how the U.S. government would use information shared with it. The platform allows participants to share threat data with all other members or with a subset of members, and integrates open source intelligence and data from Facebook. The social media giant said last week that it is looking for partners in the retail, telecom, and consulting industries—but it may be some time before the feds meet Facebook’s requirements. Congress put information sharing legislation on hold for summer recess, and twenty-two amendments await it when the Senate reconvenes. The United Nations released the consensus report from the Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security--more commonly known as the UN GGE. The GGE obtained consensus on the document in late June, but it took a little more than six weeks for the report to be made public. We’ll have an analysis of the report next week. And in case you missed it, be sure to check out our latest Cyber Brief, which proposes a framework for policymakers to respond to disruptive of destructive state-sponsored cyber incidents.

Elaine Korzak, PhD is a W. Glenn Campbell and Rita Ricardo-Campbell National Fellow at the Hoover Institution, Stanford University, and an Affiliate at the Center for International Security and Cooperation (CISAC), Stanford University. On May 8, 2015, the Russian Federation and the People’s Republic of China signed a bilateral agreement on cooperation in the field of international information security. The treaty, which some have dubbed a “nonaggression pact” for cyberspace, details cooperative measures both governments pledge to undertake, including exchange of information and increased scientific and academic cooperation. With this, Russia and China continue to advance their vision of “information security,” a view of security concerns in cyberspace that is markedly different from Western approaches of “cybersecurity.” Many observers have characterized the agreement as a largely political move at a time of heightened tensions with the United States and Europe. The alignment of Russia and China is seen as a response to growing Western pressure. Accordingly, Russia’s pivot to the East follows Western sanctions over its actions in Ukraine. However, a closer look reveals that the agreement follows a longstanding series of diplomatic initiatives launched by both countries. Already in 2009 Russia and China signed an agreement on cooperation in the field of international information security in the framework of the Shanghai Cooperation Organization. Later, in 2011 both countries submitted a proposal for an international code of conduct for information security to the United Nations. Although the proposal failed to garner sufficient support in the relevant Committee of the General Assembly, Russia and China redoubled their efforts. An updated version of the code of conduct is currently circulating in the UN in time for this fall’s General Assembly session. All these initiatives sought to advance Russia’s and China’s views on a variety of cybersecurity issues while shoring up their positions in international discussions. This year’s bilateral agreement is no exception in this regard. Familiar Themes    The treaty picks up on many of the themes from past documents. For one, the Russian-Chinese agreement continues to define “threats” in cyberspace broadly. While the treaty mentions threats that would also be of concern to the United States and Europe, the pact also defines cyber threats as the transmission of information that could endanger the “societal-political and social-economic systems, and spiritual, moral and cultural environment of states.” Obviously, this could be interpreted very broadly and Western countries have been concerned that similar provisions could be used to unduly restrict the free flow of information. Second, the agreement between Russia and China also touches upon questions of Internet governance. Continuing previous efforts, the document calls for the creation of a “multilateral, democratic and transparent management system” for the Internet, giving states and their governments a greater, if not predominant, voice in the governance process. This view of multilateral Internet governance stands in contrast to the multi-stakeholder model preferred by Western states. Novel Aspects The treaty is most interesting for its novel aspects. Compared with past initiatives, the agreement details a remarkable level of cooperation. Whereas previous pledges of cooperation remained vague and somewhat aspirational, the current agreement provides a list of concrete measures and policies to be realized by both sides, coordinated and evaluated through two consultation meetings a year. These range from the creation of contact points and communication channels between various government entities to the realization of joint scientific projects. Moreover, the agreement stands out for its normative aspects. It specifically provides that both countries shall cooperate in the creation and dissemination of international legal norms in cyberspace. This includes increased cooperation and coordination of positions in various international forums, including the UN, where both countries have been pushing for the negotiation of new international legal norms to regulate the use of cyber warfare.  The agreement thus formalizes their joint interest in shaping the international debate on norms in cyberspace. Lastly, one provision has been widely reported as a “nonaggression” provision whereby Russia and China, for the first time, pledge to refrain from “computer attacks” against each other. In Article 4 the treaty provides that: Each Party has an equal right to the protection of the information resources of their state against misuse and unsanctioned interference, including computer attacks against them. Each Party shall not exercise such actions with respect to the other Party and shall assist the other Party in the realization of said right. The two sentences, in conjunction, could be read in a way to keep Russia and China from using “computer attacks” against each other. If so, this provision would be remarkable not only for its content but also for the kind of language it employs. Previously, particularly China has avoided the usage of language that could implicate the right to self-defense, which it interprets as legitimizing the use of offensive cyber activity in conflict. On the other hand, the language of this provision is strikingly vague. Phrases such as “misuse” and “unsanctioned interference” could obviously be interpreted quite differently by both sides leaving significant loopholes in the scope of the provision. Given the magnitude of Russian and Chinese activities in cyberspace, including those directed against each other, this commitment and the seriousness with which it will be implemented are questionable. Thus, the characterization of this provision as a “nonaggression” pledge might be overstated. Implementation Will Be Critical Overall, the Russian and Chinese agreement continues many familiar themes. It echoes previous diplomatic initiatives that have united both countries in international cybersecurity discussions. Yet, it also offers a number of novel aspects. In the end, however, the treaty itself is just the first step. The decisive aspect in evaluating the impact of this document will be its implementation. Particularly the implementation (or non-implementation) of the cooperation commitments, and even more so of the “nonaggression” provision, will decide whether the agreement really marks the beginning of a closer relationship between both countries or whether it will be relegated to a symbolic diplomatic effort overtaken by reality.

Below is a visualization and description of some of the most significant incidents of political violence in Nigeria from August 8, 2015 to August 14, 2015. This update also represents violence related to Boko Haram in Cameroon, Chad, and Niger. These incidents will be included in the Nigeria Security Tracker.   August 8: Members of a cult killed four in Makurdi, Benue. August 9: Boko Haram killed four in Damboa, Borno. August 11: Sectarian violence in Anambra East, Anambra, led to four deaths and three abductions. August 11: A bomb explosion killed forty-seven in Sabon Gari, Borno. Boko Haram was suspected. August 11: Sectarian violence led to four deaths in Mangu, Plateau. August 11: Boko Haram killed eight and kidnapped four in Jere, Borno. August 11: Cameroonian soldiers killed twenty Boko Haram insurgents and lost one of their own in Ashigashia, Cameroon. August 12: A vigilante group killed seventeen Boko Haram fighters and lost one of their own in Askria/Uba, Borno. August 12: Boko Haram killed two soldiers and eight civilians in Blamé, Cameroon. Cameroonian soldiers repelled the attack, killing twelve insurgents. August 13: Sectarian violence resulted in four deaths in Barkin Ladi, Plateau.

Coauthored with Eleanor Powell, intern in the International Institutions and Global Governance program at the Council on Foreign Relations. United Nations peacekeeping efforts have long had a dark side: a history of sexual exploitation and abuse against civilians by UN personnel. While the UN has paid lip service to stopping such sexual violence, a recent internal review reveals the still-alarming scope of these crimes—and the failure of the international community to hold perpetrators to account. After years of inaction and broken promises, however, several factors are aligning today in promising ways that prime the political environment for progress. But the important question is how far this progress will go. Sexual violence by peacekeepers is by now disturbingly familiar. Reports of such crimes date back at least to the 1990s, in UN missions in Mozambique, Bosnia, Guinea, Liberia, and Sierra Leone. Abuses ran the gamut from sex trafficking to prostitution in exchange for money, food, or medical supplies. After repeated outcries, the UN condemned these abuses as reprehensible in a 2003 special bulletin from the secretary-general and established a “zero tolerance” policy in 2005. In fact, business as usual continues. Experts offer various explanations for these recurrent abuses, ranging from power differentials between peacekeepers and impoverished civilians to lack of training and education on UN policies within troop-contributing countries. But one common thread runs through all these cases of abuse: peacekeeping personnel enjoy a staggering level of impunity, thanks to the structure of the UN peacekeeping system. Generally speaking, rich states contribute funds for peacekeeping, and poorer states contribute troops. UN peacekeeping missions are at their historic high deployment, with 106,000 military and police units (compared to 34,000 in 2000) and 19,000 civilian staff in sixteen operations under UN command around the world. Moreover, contemporary missions last almost three times longer than their predecessors, and the UN also provides logistical support to more than 20,000 African Union (AU) personnel. The high demand for UN peacekeepers means that the United Nations Department of Peacekeeping Operations (UNDPKO) is constantly scrambling not just for funds, but for personnel to fill peacekeeping slots. Current UN policies go extra lengths to encourage troop-contributing countries to keep sending personnel—with disastrous consequences for oversight and accountability. Currently, agreements among UNDPKO, troop-contributing countries, and host countries assign jurisdiction for investigating any alleged abuse solely to the troop-contributing country. Any disciplinary action by the sending state, moreover, remains purely voluntary. These policies are meant to send two clear messages: the sovereignty of troop-contributing countries will be protected, and the UN is in the business of promoting continued troop donations rather than turning them away. Inevitably, given the UN’s desire not to step on anyone’s toes, internal UN reform efforts to date have done little to stop sexual abuse by peacekeepers. A UN Office of International Oversight Services report from May 2015 recorded 480 allegations of abuse between 2008 and 2013. (Given the underreporting of such crimes, the number of victims is likely far higher). While no UN mission was immune, the report singled out as egregious four missions in Haiti, the Democratic Republic of Congo, Liberia, and Sudan/South Sudan. Moreover, the report suggested a disturbing trend: in 36 percent of cases, the alleged victims were minors. This report, along with the recent leaked allegations against French troops in the Central African Republic and another round of allegations of abuses committed by AU peacekeeping contingents from Chad and Equatorial Guinea, suggests that little has been done to curb sexual abuse in such operations a quarter of a century after it was first reported. At long last, however, real action may be on the horizon. In June, UN Secretary-General Ban Ki-moon announced the creation of an External Independent Review Panel, co-chaired by Marie Deschamps (Canada), Hassan Jallow (Gambia), and Yasmin Sooka (South Africa), to examine the UN’s handling of allegations of sexual exploitation and abuse. This marks the first time the UN has commissioned such a review. The panel will publicly release its findings within ten weeks, to be subsequently used “in any manner the Secretary-General considers to be in the interests of the United Nations.” Meanwhile, President Obama plans to hold a summit on peacekeeping during the UN General Assembly’s high-level week in late September. Beyond urging states to fill gaps in existing missions and plan future operations, the president can use this platform to highlight the glaring problem of sexual abuse in UN missions. Finally, in October, the United Nations is scheduled to undertake a high-level review of Security Council Resolution 1325 (2000), which calls upon UN peace missions to be more gender sensitive and end impunity for gender-based crimes. In parallel with these multilateral efforts, some troop-contributing states are beginning to combat impunity on their own, by taking allegations against their nationals seriously, and publicly detailing their disciplinary actions. India recently made headlines for punishing several members of its contingent for sexual abuses in the DRC, and France announced it would take legal action against its soldiers accused of raping children in the Central African Republic in 2014. Another promising development is the growing activism of civil society actors. Until recently, the advocacy community focused its energies on the broader category of sexual violence in conflict, which has sometimes distracted attention from the particular problem of abuse by peacekeepers. That has changed. In May, Code Blue became the first advocacy campaign focused specifically on sexual exploitation committed by peacekeeping personnel. The group has leaked internal UN reports, placing new pressure on the UN, troop-contributing states, and major funders of peace operations—including the United States. More recently, in July, the UN’s deputy high commissioner for human rights, Flavia Pansieri, stepped down after Code Blue’s leaked reports revealed that she had failed to act after being informed of allegations against French soldiers in the Central African Republic. This unprecedented confluence of factors—including high-level attention from the UN, national governments, the media, and advocacy groups—suggests that real reform could be in the offing. But it is by no means guaranteed. This attention provides a window of opportunity for action against sexual violence by peacekeepers, but that window will not stay open long, as interest inevitably shifts to other international crises and scandals. Moreover, this brief window of opportunity may not be open to all possible reforms. True progress on this issue would entail greater transparency and cooperation from troop-contributing countries, a consistent process for handling allegations and determining sentences, and some form of UN enforcement capability to deal with states that refuse to comply. But with little being done to combat the UN’s problem of high troop demand and low supply, peacekeeping missions are unlikely to see these major reforms any time soon. The danger is that UN member states and the UN itself will continue to take cosmetic steps, such as a nonbinding General Assembly resolution that condemns sexual violence by peacekeepers and directs troop contributors and mission commanders to take steps, including improved predeployment training and mission monitoring, to curtail such abuse. Another risk is that the UN will hail the report as a watershed moment, only to let recommendations get lost in bureaucratic limbo. While promoting norms is important, accountability and consequences matter even more. The UN needs to establish some mechanism to hold UN troops and civilian personnel to account for sexual crimes committed during peace operations, so that they cannot be shielded behind national sovereignty. True change will require three ingredients: greater transparency, generous funding, and high-level political pressure. First, the UN must improve its mechanisms for victims to report abuse and mandate new reporting requirements for troop-contributing countries. Missions must detail and publicly disclose the number of victims and perpetrators, broken down by nationality, and the disciplinary action taken as a result of substantiated allegations. Greater transparency would expose the scope of the problem and help civil society groups hold troop-contributing countries accountable by naming and shaming governments that give their soldiers a pass when it comes to committing sexual violence. Second, wealthy donor nations should provide legal, technical, and other assistance to help well-intentioned governments that are willing to hold their troops accountable but lack financial and other capacities to do so. Finally, the United States must lead on this agenda. President Obama should use the UN special session on peace operations this September to spotlight the problem of sexual abuse by peacekeepers, and his administration should keep the pressure on in ensuing months to ensure that the UN’s fine words translate into action.

Benjamin Brake is an international affairs fellow at the Council on Foreign Relations and a foreign affairs analyst in the Bureau of Intelligence and Research at the U.S. Department of State. The views expressed in this article are those of the author and do not necessarily represent those of the Department of State or the U.S. government. Claims that technical experts have solved attribution ignore legal challenges that could slow or limit how states might lawfully respond to a major cyberattack. First, a country hit with a major cyberattack would face the novel challenge of persuading allies that the scale and effects of a cyberattack were grave enough to trigger a right to self-defense under the UN Charter. No simple task, given that the UN rules were drawn up seven decades ago by countries seeking to end the scourge of traditional, kinetic warfare. Jurists still debate how self-defense applies in cyberspace and U.S. officials admit building a consensus could be a challenge. If a victim state does corral a consensus that the right to use force in self-defense has been triggered, a second legal question could compound the attribution challenge even further. Can the actions of a hacker be attributed to a nation-state as a matter of law? Answering this question presents a major legal hurdle if the attack is launched by an ostensibly non-state hacker with murky ties to an adversary government—a growing trend already seen in cyberattacks linked to Russia and Iran. Legal precedents born out of traditional conflicts and proxy wars suggest the evidentiary burden to attribute the actions of non-state hackers to a state will be substantial. And experiences from recent incidents offer a discouraging preview. It took less than 24 hours for a prominent cybersecurity expert to cast doubt on claims by unnamed U.S. officials that China was behind the breach of OPM’s networks. Official accounts of Pyongyang’s role in the Sony attack played out similarly, with news outlets featuring competing expert accounts of responsibility—a line-up of suspects that included North Koreans, Russians, hacktivists, cyber criminals, and disgruntled employees. Old Law in New Battles In 2013, some of the world’s major cyber powers reached a consensus that law applies in cyberspace, including principles of the law of state responsibility. Attributing conduct to a nation-state under this body of customary international law, however, requires extensive evidence of state control over a hacker—a significant ask of intelligence agencies already burdened with looking out for and mitigating the cyberattacks themselves. Under the law of state responsibility, a state is accountable for the actions of individuals acting under its “effective control.” Legal scholars debate what “effective control” looks like in practice, but the International Court of Justice has ruled that violations of the law of armed conflict by private individuals can be attributed to a state only if it could be shown the state “directed or enforced” an operation. In a landmark 1986 case, evidence the United States financed, organized, trained, supplied, and equipped the Nicaraguan contras, as well as aided in the selection of targets and planning of contra operations, was not enough to show the United States exercised effective control over the contras. Contra war crimes, it followed, could not be attributed to the United States. Extending the Nicaragua precedent to cyberspace, a victim of a cyberattack would likely have to prove more than an adversary supplied a cyber weapon to a non-state actor. A victim would instead have to show the state ordered or had “effective control” over all aspects of the cyberattack. Without such evidence, a victim’s lawful response options may be limited to actions against the non-state actors—cold comfort for a nation reeling from a cyberattack perpetrated by hackers financed, organized, trained, supplied, and equipped by a nation-state adversary. The victim state can of course decide for itself whether it has met the burden of proof in its attribution and unilaterally unleash an armed response—attribution, it has been said, is what states make of it—but a desire for international legitimacy could require meeting international law’s significant evidentiary burden before acting in self-defense. Sovereign Impunity Together, clearing these two legal thresholds will pose a significant challenge for countries seeking to respond to cyberattacks. Only after both are cleared is a victim endowed with a right to use force in self-defense against an attacker’s armed forces or other military objectives. This double burden could leave a victim state choosing between two bad outcomes: responding with force in a manner deemed illegitimate in the eyes of the international community; or responding with “non-forcible countermeasures” (criminal sanctions or diplomatic measures such as a demarche). Either outcome would lend support to the growing sense of cyberspace as a lawless frontier. Expert contributors to the Tallinn Manual, an influential treatise on how international law applies to cyber warfare, are attempting to develop a consensus around how the law of state responsibility applies to the use of proxies in cyber operations. But until a shared understanding of state responsibility in cyberspace emerges, governments must themselves push for and enforce—as publicly as possible to ensure their behavior sets responsible precedents—a standard that punishes the use of proxies for cyberattacks and holds countries accountable for the consequences of those attacks. Public attributions, declassification of relevant intelligence, and the responsible use of countermeasures will do far more than tribunals and legal scholars can to shape how we deal with attribution and responsibility in cyberspace.

The following is a guest post by Charles T. Call, associate professor in American University’s School of International Service and author of Why Peace Fails: The Causes and Prevention of Civil War Recurrence (Georgetown University Press, 2012). Last month, an independent panel of experts released a much-anticipated review of United Nations peace operations—and not a moment too soon. The panel was the first to examine the future of UN peacekeeping since the landmark Report of the Panel on United Nations Peace Operations, commonly known as the Brahimi Report, published in 2000. Appointed by Secretary-General Ban Ki-moon in October 2014 amidst questions about the effectiveness of UN peacekeeping operations, the panel was charged with evaluating the current state of peace operations and their future needs. UN peacekeepers routinely confront new security challenges even as peacekeeping operations have grown to over one hundred thousand troops at a cost of $8.2 billion per year. The report combines sound analysis of the current problems of peacekeeping with a comprehensive package of specific recommendations concerning conflict prevention, protecting civilians, and more effective use of UN troops in the face of diverse security challenges. In contrast to most prior UN reports, however, the panelists acknowledge that the main problems of peace operations lie with the political and budgetary jockeying of member states. The report criticizes stingy Western countries that focus on overly militarized solutions, repressive governments that endanger UN troops, and irresponsible troop-contributing countries that turn a blind eye to abuses. Below is a tour d’horizon of the good, the bad, and the sad of the report. The Good Adapting to New Strategic Contexts In recent decades, the conditions in which peacekeepers operate have undergone dramatic changes. The report makes apt distinctions between traditional ceasefire missions, post-Cold War peace implementation missions, and post-9/11 “conflict management” missions. All three types confront unique challenges, but the latter are especially difficult: oftentimes, peacekeepers are deployed to places where there is no peace to keep, are threatened by terrorists, or are given unclear mandates in the absence of a political process. Increasingly, the UN is pressed to assume a counterinsurgent or counterterrorist role alongside Western forces, contradicting the principle of neutrality. The report strikes a balance between cautioning against peacekeepers becoming combatants, while supporting offensive actions so long as a political process is being pursued. Investing in civilian state-building in the absence of a viable political process is indeed wasteful. The report suggests new combat capabilities, but doesn’t offer a full vision for effective involvement in thorny Middle East situations—one of the reasons the panel was formed in the first place. Stating that UN peacekeeping missions are “not suited to engage in military counterterror operations,” the report seeks to preserve the legitimacy of the UN and its security, but in doing so, glosses over the political realities that future missions are likely to confront. The report’s emphasis on conflict prevention is refreshing and overdue. The panelists write that the “avoidance of war rather than its resolution should be at the centre of national, regional and international effort and investment.” They call for marshaling all of the UN’s tools—going beyond reactive peacekeeping missions toward strengthening diplomatic and preventive political missions, elections support, human rights work, peacemaking and mediation support, and postwar peacebuilding efforts. Tough words The report has tough words for multiple constituencies, from the Secretariat and the Security Council to troop-contributing member states that fail to hold their troops accountable for sexual exploitation and abuse. The panelists highlight the shortcomings of “headquarters-focused policies, administrative procedures and practices” that are often unresponsive to the quick-changing needs of field offices. The panel also takes the P5 to task for mandating peace operations as a substitute for addressing underlying causes of mass violence where entrenched parties have links to one or another member of the P5. The report also includes a welcome call for greater accountability all around. The panelists highlight the outrageous lack of accountability for sexual exploitation and abuse by UN personnel, UN member states that obfuscate and drag their feet, and a Secretariat that takes sixteen months on average to investigate complaints. Moreover, they call on the Secretariat to bar troop-contributing member states that do nothing to hold their peacekeepers accountable for sexual exploitation, rape, and other abuses. Flexible Funding The review recognizes that peacekeeping does require some money to actually do programs on the ground. The panel thus calls for permitting some resources from the assessed budget be used to support mission mandates that the Security Council has already deemed important. Peacekeeping desperately needs this flexibility. The report also makes a welcome call for UN missions to buy goods from national markets and producers to strengthen, rather than undermine, local economies. The Bad Too Military-Centric The Security Council and most troop-contributing countries have focused on the military component of peacekeeping as the main instrument of influence, rather than as the security umbrella under which national actors—with external civilian expert support—can safely do the work of forging sustainable peace in their country. This problem plagues the U.S. approach to peacebuilding and stabilization more broadly. The report could have emphasized the need for greater civilian focus and civilian expertise in supporting political settlements in conflict-affected states. Unfortunately, despite calls for enhanced unarmed actions to protect civilians and a more preventive approach, the report does not shift away from this military-centric model. People-Centered? The report may include “people” in its title, but it doesn’t adequately place local populations at the center of its vision for peace operations. Instead, the report focuses predominantly on fixing the internal UN machinery. The report acknowledges how hard it is for quick-moving peace operations to engage in participatory methods in the field, but the UN must go further and institutionalize methods to involve local populations. Though it should go without saying, successful approaches to include local populations require women’s inclusion. The report’s recommendations advocate the role of women and gender, although mainly in the context of UN structures and staffing. It could have gone beyond the UN bureaucracy itself to consider how the UN engages with, supports, and empowers local women in decisions and processes and incorporates gender into its programs. Deeper Changes to Leadership and UN Agencies On leadership, there are sound calls (with lengthy precedent elsewhere) for merit-based selection, more orientation up front, and greater empowerment of field leadership. But the underlying problem of incentives is not directly addressed. The selection, performance reviews, and promotion of UN peacekeeping and development officials should involve greater emphasis on peace and security issues. The Sad The above criticisms notwithstanding, the report should be lauded for grappling with the complex challenges facing peace operations in a thoughtful and honest fashion. The panelists don’t shy from recognizing the “root causes” of the issues at hand, and governments from Washington to Khartoum to New Delhi are bound to find something to dislike. Most experts will concur with the panel’s exhortation for more of just about everything—more recognition that peacekeeping and peacebuilding require political solutions rather than military ones; more effort to improve coordination, anticipate crises, act preventively, protect civilians, and work with regional organizations; and more attention to the voices of local populations, particularly those of women. At the same time, the panel recognizes member states’ persistent shortsightedness in failing to dedicate the time and resources necessary to prevent armed conflicts and to adequately respond to them when they do break out. The report skims over this contradiction. The sad fact is that without some force majeure, member states are unlikely to adopt most of the panel’s recommendations—just as they did with the Brahimi Report fifteen years ago. Many real dilemmas are unlikely to be resolved. For instance, how can the Secretariat bar unaccountable member states from contributing troops when the UN is in desperate need of more personnel? How can the UN devote more resources to conflict prevention when doing so could anger the host government in question? The panel’s new report has plenty to commend. It could go further in addressing the underlying challenges of building sustainable peace and placing people front and center. But it remains a good starting point—if UN member states adopt even half of its recommendations.

The following is a guest post by my colleague Adam Mount, a Stanton Nuclear Security Fellow at the Council on Foreign Relations. Though the atomic bomb was first developed in 1945, it was not until 1957 that the U.S. intelligence community conducted its first forecast of how nuclear weapons might spread around the world. That first estimate concluded that some ten countries had the capability to build the bomb in the next decade. Six years later, President John F. Kennedy warned that the 1970s could see a world in which twenty-five countries possessed nuclear weapons. This counterfactual—what would the world look like without the nonproliferation regime?—is one of the most important and vexing questions in international politics. Thankfully, this is only a counterfactual. The nine nuclear weapons states that exist in the world today are still too many, but this number is a far cry from what might have been. Nevertheless, this month’s deal with Iran is an historic step for nonproliferation: for the first time since the dawn of the nuclear era, no country is publicly known to be pursuing a nuclear weapon. As the calendar counts down the sixty days that Congress has to review the deal, the U.S. political system is embroiled in debate over the merits of the deal for the United States and the Middle East. The Iran deal is also significant in that it is an enormous testament to the effectiveness of the complex system of international institutions that govern the nuclear world. In the case of Iran, the process for detecting states seeking nuclear weapons and returning them to compliance worked as intended: the IAEA and national intelligence agencies detected noncompliant behavior in a timely fashion; when Iran refused to resolve the concerns, the IAEA referred its case to the UN Security Council, which imposed strict and escalating sanctions; finally, tireless multilateral negotiations reached agreement about how to bring Iran back into compliance with its international obligations and imposed unprecedented safeguards to constrain the program from prohibited activity. The negotiations set new standards for rigor, cooperation, and creativity, generating several novel instruments that could serve as valuable tools for correcting future proliferation challenges, including a monitored procurement channel through which the international community can approve Iran’s purchases of sensitive components, a requirement that Iran ship its enriched uranium out of the country for downblending, and unprecedented verification measures.  In short, the agreement with Iran strengthens the system of institutions that not only must take on the difficult task of verifying this agreement, but must also work to catch and restrain the next aspirant. The agreement could not come at a better time for the global nuclear regime. Those components of the regime that are already in place are wracked by discord, while other essential pieces have not yet been allowed to enter into force. Though attention has focused on the negotiating teams in Vienna, the Iran deal is proof that the regime functions best as a coherent whole. Each component faces real challenges and needs continued attention if the regime is to thrive. As the foundation of the global nuclear order, the Treaty on the Nonproliferation of Nuclear Weapons (NPT) provides an unambiguous affirmation that new nuclear weapons programs are illegal. The solidity of the NPT is endangered by the nuclear states’ poor progress on disarmament and the movement of concerned states that is considering drafting a global ban on nuclear weapons. The treaty needs the superpowers to make new progress on arms control and for the humanitarian movement to find constructive ways of pursuing their valid goals. Reading the text of the Iran deal, it is clear how much the international community relies on the IAEA—not only as an impartial inspector of countries but also as a patient negotiator that can help them back into compliance. The IAEA will need additional funding to implement the rigorous inspection and monitoring requirements in the Iran deal. The Comprehensive Test Ban Treaty, though not in force, operates an International Monitoring System (IMS) that ensures all states that their adversaries are not racing ahead by testing weapons. This certainty allows the nuclear countries to reduce their stockpiles and reduces proliferation pressures for nonnuclear countries. For the IMS to be fully effective at detecting a nuclear test, eight more countries must ratify the treaty, led by the United States. The Fissile Material Cut-off Treaty is a well-liked proposal that would prohibit the production of the fissile material for nuclear bombs worldwide, providing another layer of restriction and inspection on countries that might want to race ahead of their adversaries. Unfortunately, Pakistan is holding up the treaty in the United Nations. All countries should rededicate themselves to finding solutions to Pakistan’s objections and to pressuring them to allow the treaty to advance. Though not an institution, U.S.-Russia bilateral arms control treaties are another important component of the global nuclear regime. Continued reductions of the world’s largest arsenals is crucial to assuring all states that nuclear weapons are relics of the past, but in recent years, progress has stalled. Other countries should pressure Russia to accept the Obama administration’s proposal to negotiate a further one-third reduction in deployed strategic weapons. In addition, diplomats and analysts around the world should explore new proposals for limiting nuclear dangers. Among the most promising are the proposals for a global regime to control fissile material, regardless of its form, purposes, or location. Versions have been proposed by Amb. Richard Burt and Jan Lodal and by the Nuclear Futures Lab at Princeton University. The approach is related to those provisions in the Iran deal that require Iran to ship its nuclear material out of the country for reprocessing, downblending, or conversion. Currently, the IAEA is working on a global version, an international fuel bank, that would provide countries with an assured supply of low enriched uranium that can be used for peaceful purposes. In subsequent years, world powers should work to ensure that the bank gains broad acceptance and expands its mandate to cover other forms of sensitive material and provide other services to states. The nuclear nonproliferation regime rightly elicits skepticism among politicians and analysts around the world. Deep-seated concerns over national security and justice kept the world powers from designing and implementing a rational and comprehensive regime to limit the spread of nuclear weapons. The existing system was pieced together over the decades by different statesmen with evolving motives. Yet, the Iran agreement proves that the system can still generate new ideas under pressure; meanwhile, proposals like the fissile material agreements discussed above offer a distinct hope of recovering the rationality and comprehensiveness that underwrite a sustainable and effective international regime. Though decades of concerted effort have severely constrained nuclear proliferation, the regime is more important than ever. World powers will rely on the regime as they attempt to implement the Iran deal, roll back the North Korean nuclear program, gain more information about recent events in Syria, and detect the next nuclear aspirant in time to prevent a tenth nuclear state. Like other areas of global governance, the nuclear nonproliferation regime needs to continually improve if it is to survive. At this precarious moment, world powers should not allow themselves to become complacent or to disparage the regime to score political points at home. The world must rededicate itself to building a regime that can make the world safe from the most dangerous weapons.

Below is a visualization and description of some of the most significant incidents of political violence in Nigeria from July 4, 2015 to July 10, 2015. This update also represents violence related to Boko Haram in Cameroon, Chad, and Niger. These incidents will be included in the Nigeria Security Tracker.   July 10: Reported late, Boko Haram killed forty-five in Monguno, Bauchi. July 11: Boko Haram attacked a prison in Diffa, Niger. Three insurgents and one Nigerien solider were killed. July 11: Unknown gunmen killed fifteen people in Eleme, Rivers. July 12: Two suicide bombers killed themselves and fifteen others, including two Chadian soldiers, in Fokotol, Cameroon. Boko Haram is suspected. July 12: Soldiers killed seven Boko Haram insurgents in Mobbar, Borno. July 12: Sectarian violence in Shiroro, Niger state led to eleven deaths. July 13: Boko Haram killed six Quranic scholars, all children, on Tetewa Island in Lake Chad. July 13: Boko Haram killed thirty in Konduga, Borno. July 14: Boko Haram killed fifteen in Kaga, Borno. July 15: Boko Haram killed twelve in Gamgara, Niger. July 15: Thirty-two Boko Haram fighters and sixteen Nigerien villagers were killed in Bosso, Niger. July 16: Two bombs in Gombe killed fifty. Boko Haram is suspected. July 17: Two suicide bombers killed themselves and forty-eight others at a mosque in Damaturu, Yobe. Boko Haram is suspected. July 17: Nineteen Boko Haram insurgents and two Chadian soldiers were killed in Komguia, Chad. July 17: Boko Haram killed eleven in Kaga, Borno.